
Is Not Over!! WannaCry??


raisya

The healthcare industry was likely to be the next frontier for major cyber attacks. WannaCry is one kind of ransomware that could cause serious damage to companies. Companies without backups indeed lost data due to the use of asymmetric encryption. My questions: what are the basic measures that companies should execute to have a better chance of staying safe? And why was this attack so devastating to companies? :)

I'd say the lack of patching certainly helped the spread of WannaCry.

A lot of NHS computers for example still apparently use XP. But I believe there was a patch for the exploit WannaCry used, EternalBlue, available at the time.

I also heard someone in a hospital had opened an attachment in an email that basically said you have been infected by ransomware, open the attachment to find out how to pay and recover your files. This however was a lie; the infection did not start until the attachment was opened.

Not sure how true the above statement is, but the reality is people put too much trust in their AV to catch everything and often end up taking risks they probably wouldn't otherwise. Companies need to regularly teach all members of staff, and not just IT, the best security practices and how to look out for things such as phishing emails and other forms of social engineering. This should be a regular thing, with all members of staff kept up to date with the latest issues, threats etc. One way some companies are teaching staff is with tests, e.g. simulations with phishing emails.

Lastly backup is important. Also in a sense a backup plan. An incident plan. The chances are companies will one day be breached so companies need to plan a response plan and be able to act on it quickly.

Edited by peteyt
Thanks for your time peteyt :)

As I mentioned above, the WannaCry issues happened at a UK hospital, which led to an operation being cancelled, an ambulance being diverted, and documents such as patient records being made unavailable to access and stolen.

So, I agree with your point that every company should have expertise in IT and have a backup plan.

 

2 minutes ago, raisya said:

Thanks for your time peteyt :)

As I mentioned above, the WannaCry issues happened at a UK hospital, which led to an operation being cancelled, an ambulance being diverted, and documents such as patient records being made unavailable to access and stolen.

So, I agree with your point that every company should have expertise in IT and have a backup plan.

 

The problem is that security is often left to the IT department, but really everyone should play a part.


The WannaCry incident was as serious as it was because all that was needed was one endpoint in the network to be unpatched and it was "game over." And the unpatched device did not have to be a PC but any device that had a version of Windows that was vulnerable to the EternalBlue and DoublePulsar exploits WannaCry used. I believe in the U.K. NHS incident, the WannaCry targets were traced to lab devices that were running unpatched Win XP.

Additionally, later examination of the incident showed that WannaCry was "in the wild" for a while prior to Microsoft offering the patches to it for Win 7 and subsequently Win XP.

Bottom line - your best protection against incidents like this is to apply all Windows patches immediately as soon as they are offered.

Edited by itman

Thanks for your information, itman. ;)

Yes, protection is needed for this attack but how to detect the first offender of this ransomware attack?

 

 


On 11/18/2017 at 11:42 PM, raisya said:

how to detect the first offender of this ransomware attack?

Per se, the WannaCry incident was not a ransomware attack. Relatively little money was gained from the attack. Its primary purpose was to sow as much disruption as possible. As such, assume a nation state was behind the attack in some form or the other.

When an attacker employs nation state espionage exploits that have gone undetected for years, I believe it is a "stretch" for a retail based AV product to be able to detect it in-the-wild, let alone being able to prevent its execution. Again, without a system vulnerability to exploit, these attacks will fail. So the responsibility for rectifying this situation is fully Microsoft's. That said, Eset does have excellent exploit protection if you keep the proper frame of reference in mind.

As far as the U.K. NHS incident, here is the official report on it, which contains multiple more detailed .pdf references: https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/

 

Edited by itman

  • 2 weeks later...
7 hours ago, SeasonPast said:

these companies must think better about their security

Response time is also crucial as I mentioned briefly a bit back. Many companies believe they are protected enough so when a cyber attack happens they are not ready. No security solution is ever 100 percent so companies need to think of not if they will get attacked but when and be ready for it.
